preserve original starttime on renewed TGTs
Nicolas Williams
Nicolas.Williams at oracle.com
Fri Nov 19 17:01:41 EST 2010
On Fri, Nov 19, 2010 at 04:43:42PM -0500, Simo Sorce wrote:
> On Fri, 19 Nov 2010 13:21:34 -0800
> Frank Cusack <frank+krb at linetwo.net> wrote:
>
> > When running 'kinit -R', the KDC resets the starttime on the returned
> > TGT to "now". I'd like to modify my KDC to preserve the original
> > starttime instead. That could make a renewed TGT appear to have
> > longer than the normal maximum configured lifetime, but it seems like
> > a fairly trivial non-problem. As opposed to a postdated ticket, this
> > would be now be a predated ticket.
>
> Hi Frank,
> I am curious to understand why you want to do that.
> What class of use cases does it solve?
My guess: it helps deal with servers whose clocks are a little bit
behind (but still within skew).
Nico
--
More information about the krbdev
mailing list